Archive

I know, I am a little late this month. We have just entered May and I was able to publish the first part of the Timeline of April. I will try to maintain the usual rhythm and to be more punctual for the next releases.

Anyway, the first part of April has offered many interesting port with several large scale attacks and massive breaches. The first category includes the Darkleech malware against Apache, and the gigantic brute-force attack against WordPress. The second category includes the attacks against two primary Japanese portals, the FPS War Z, Scribd, Linode, and, most of all Schnucks Markets, targeting potentially 2.4 million users.

But not only Cyber Crime in this month, even the hacktivists were quite active with their OpIsrael 2 (and its controversial damage report), the wake of attacks against North Korean web sites, and even the sixth week of DDoS attacks against the U.S. Banks carried on under the so-called Operation Ababil.

Hard times for System Administrators!

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

It is time for the summary of the second half of February, two weeks of remarkable cyber attacks against high-tech giants, massive breaches and Twitter Account Hijackings.

Probably the most resounding events of this period (maybe more for the high profile of the victims than for the actual effects) are the two attacks, allegedly originating from China, (with a common root cause, the compromising of an iPhone developer forum) carried on against Apple and Microsoft.

But not only the two high-tech giants, other illustrious victims have fallen under the blows of hacktivists and cyber criminals. The list is quite long and includes Bank of America, American Express, Casio, ZenDesk, cPanel, Central Hudson Gas & Electric Corporation, etc.).

Last but not least, the unprecedented trail of Cyber attack against Twitter Profile belonging to single individuals (see Donald Trump) or Corporations (Burger King and Jeep). Maybe it is time to change the passwords…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

A special thanks to Kim Guldberg AKA @bufferzone for continuously advising me about significant cyber events through the Submit Form! Much Appreciated!

Another day, another revelation inside the (in)visible Cyber War going on Middle East. Today Kaspersky Lab has announced the discovery of another strain of malware derived from the infamous Tilded-Platform family: the little brother of Flame, the so-called miniFlame (or “John”, as named by the corresponding Gauss configuration).

The malware has been discovered while looking closer at the protocol handlers of the Flame C2 Infrastructure. An analysis that had previously revealed four different types of malware clients codenamed SP, SPE, FL and IP, and hence the fragmented evidence of a new family of cyber weapons, where one only element were known at the time the FL client corresponding to Flame.

Exactly one month later, another member of the family has been given a proper name: the SPE element corresponding to miniFlame.

Unlike its elder brother Flame (and its cousin Gauss) miniFlame does not appear to be the element of a massive spy operation, infecting thousands of users, but rather resembles more a small, fully functional espionage module designed for data theft and direct access to infected systems. In few words: a high precision, surgical attack tool created to complement its most devastating relatives for high-profile targeted campaigns. The main purpose of miniFlame is to act as a backdoor on infected systems, allowing direct control by the attackers.

Researchers discovered that miniFlame is based on the Flame platform but is implemented as an independent module. This means that it can operate either independently, without the main modules of Flame in the system, or as a component controlled by Flame.

Furthermore, miniFlame can be used in conjunction Gauss. It has been assumed that Flame and Gauss were parallel projects without any modules or C&C servers in common. The discovery of miniFlame, and the evidence that it can works with both cyber espionage tools, proves that were products of the same ‘cyber-weapon factory’: miniFlame can work as a stand-alone program, or as a Flame or event Gauss plugin.

Although researchers believe that miniFlame is on the wild since 2007, it has infected a significantly smaller number of hosts (~50-60 vs. more than 10,000 systems affected by the Flame/Gauss couple). The distribution of the infections depends on the SPE variant, and spans a heterogeneous sample of countries: from Lebanon and Palestine, to Iran, Kuwait and Qatar; with Lebanon and Iran that appear to concentrate the bigger number of infected hosts.

Another evidence of the ongoing (since 2007) silent Cyber War in Middle East.

The first half of August has seen a revamping of Hacktivism, encouraged by the takedown of the famous Torrent Tracker Demonoid (and the consequent OpDemonoid targeting most of all Ukrainian sites), but also encouraged by OpAustralia, the wave of attacks against Australian Web Sites carried on against the Australian Internet Surveillance Law (apparently the latter operation was successful since the controversial law has been put on standby).

But Hacktivism was not the only “trend topic” for this period. The Middle East continues to be the cradle for unexpected cyber weapons threats. In August, two new occurrences of allegedly state sponsored malware: Gauss, a cyber-espionage tool targeting bank transaction, and Shamoon , a destructive malware targeting energy companies.

These are probably the most remarkable Cyber Events of this period, which has also seen a purported giant breach targeting Pearl.fr, a French e-commerce website whose 729,000 accounts, together with over 1 million bank transaction details, have been subtracted by hackers.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

April is over and here it is the second half of the Cyber Attacks Timeline covering the time period spanning from 16 to 30 april 2012.

The last two weeks of this month have been characterized by several remarkable events (at least for the newspapers), such as the #OpBahrain which unleashed a trail of attacks from the Anonymous against websites related to the Formula 1 GP in Bahrain. Other noticeable events triggered by hacktivism include several DDoS attacks against CIA, MI6, Department of Justice, and a couple of Law Enforcement Agencies which continue to be a preferred target for hackers.

On the Cyber Crime front (still the major apparent motivation for the attacks) this month reports, among the events, a breach to Nissan and other DDoS attacks against the District of Columbia, the State of Washington and Nasdaq (I would not define them just motivated by hacktivism). Other events include a couple of 0-day vulnerabilities targeting popular e-mail services and affecting potentially million of users.

Last but not least, April has brought a new cyber attack to Iran crude oil industry, despite, so far, there are no clear evidences of a new Stuxnet-like Cyber Attack. This is not the only episode targeting Iran which also suffered 3 million of banks accounts compromised.

For the chronicle I decided to insert in the timeline also the breach to the game publisher Cryptic Studios. Although it happened in 2010 (sic) it was discovered only few days ago…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Updated on March 11 to include the latest cyber attacks to Israeli Websites by @CabinCr3w and Anonymous Crkvina

As reported on the last update, it looks like the Cyberwar between Israel and the Middle East (most of all Iran) has come to an apparent truce, at least from the Israeli Site. A trend confirmed also in this last period in which Israel did not perform any Cyber action, but suffered several sparse attacks (mostly defacements) and a new DDoS against AIPAC (American Israel Public Affairs Committee) with a new threatening message from the Anonymous. In the same time, many other countries all over the world suffered cyber attacks in name of the so-called #OpFreePalestine. These attacks were mainly carried on by a crew called Pak Cyber Pyrates who also defaced the isreaeldefenceforces.com webiste.

Is the static position of Israel a possible prelude for an Israeli Military Action against Iran in the real space? According to a panel of experts the chance that the United States or Israel will strike Iran in the next year is 48 percent.

But Israel and Iran are not the only unstable zones in the Middle East Cyber Space: a new cyber war front is raising in Lebanon, which has become the target of several cyber-attacks, carried on by hacktivist hacking groups stressing the need of more democracy, rather than by foreign countries.A front joined by the Anonymous who declared the start of #OpLebanon.

Last but not least, although not reported on the chart, I also found a Lebanese Cyber Army that hacked several Facebook accounts belonging to Israeli people.

At this link the complete timeline at the Middle East Cyberwar Timeline and follow @paulsparrows for the latest updates.

Interesting Links

About This Blog

In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.

Every information is reported with its source.

Anyone intending to use the information contained in my posts is free to do so, provided my blog is mentioned in your article.